35 matches found
Prototype Pollution in ini-parser
All versions of ini-parser are vulnerable to prototype pollution. The parse function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation No fix is currently available. Conside...
Prototype Pollution
Overview All versions of ini-parser are vulnerable to prototype pollution. The parse function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation No fix is currently available...
Prototype Pollution
ini-parser is vulnerable to prototype pollution. An attacker is able to add and modify arbitrary properties via Object.prototype using a proto payload...
Ini-parser Resource Management Error Vulnerability
Ini-parser is a parser for .ini format files. A resource management error vulnerability exists in ini-parser 0.0.2 and earlier versions. An attacker can exploit this vulnerability to add or modify properties of Object.prototype to execute arbitrary code...
CVE-2020-7617
ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a 'proto' payload...
CVE-2020-7617
ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a 'proto' payload...
CVE-2020-7617 Prototype Pollution
ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a 'proto' payload...
CVE-2020-7617
The CVE-2020-7617 entry concerns the ini-parser package (up to version 0.0.2) and describes a Prototype Pollution vulnerability. An attacker can exploit a proto payload to add or modify properties on Object.prototype, enabling potential attacker-controlled behavior across JavaScript objects. Seve...
@dawnjs/cli (>=1.11.0 <=1.13.7), @dawnjs/dn-middleware-lint (=3.0.12) +49 more potentially affected by CVE-2020-7617 via ini-parser (=0.0.2)
ini-parser NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on ini-parser and may be impacted: - @dawnjs/cli =1.11.0, =1.0.0, =0.0.1, =1.0.0-beta, =0.0.2, =0.0.1, =0.5.12, =1.0.1, =0.0.1, =3.0.0, =1.0.11, =1.1.4 and more Source cves:...
Prototype Pollution
Overview ini-parser is a package to parse .ini files. Affected versions of this package are vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of Object.prototype using a proto payload. PoC var a = require"ini-parser"; a.parse'proto\ntoString=JHU';...
(0Day) Wecon LeviStudioU DataLogTool INI Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DataLogTool.ex...
Wecon LeviStudioU DataLogTool INI Parser Stack-based Buffer Overflow Code Execution Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DataLogTool.exe. When...
php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zendinidoop function in Zend/zendiniparser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input...
UBUNTU-CVE-2017-11628
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zendinidoop function in Zend/zendiniparser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input...
PHP 'zend_ini_do_op()' function buffer overflow vulnerability
PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A security vulnerability in the 'zendinidoop' function in the Zend/zendiniparser.c file in PHP allows remote attackers to exploit the vulnerability to submit a special...